The amount of personal data stored in servers around the world is a treasure trove for fraudsters and criminals. Targeted hacking schemes and data breaches can be very lucrative. The information stolen in these attacks is bundled into data packages and sold on the black market or dark web to other criminal enterprises. In fact, the practice has become so commonplace, there is now a slang term for these data packages: Fullz.
What is Fullz?
Fullz is slang for “full information,” a term used to refer to a complete set of personal information on a fraud victim. Fullz information includes at least a full name and billing address; credit card information, including credit card number, expiration date, and card security code; Social Security number and birth date. A single fullz set can sell for up to $100 on the black market – less for incomplete victim profiles – and are often sold to more than one buyer.
If an individual has been the victim of a company’s data breach – a high likelihood for most people today – there is a strong possibility that a fullz profile of that individual’s personal information is available for sale on the dark web. For many individuals who conduct personal business online, it is only a matter of time before their private information is used illegally in an identity fraud scheme using fullz data.
How Fullz Impacts Businesses
It is becoming increasingly difficult for consumers to avoid becoming victims of identity theft. More and more, individuals are required to share personal information in exchange for the convenience of doing business or accessing services online. From loan applications to doctors’ appointments, customers have no choice but to share personal information over the internet. Once submitted, consumers have little control over what happens to their personal information once in the hands of service providers.
By its nature, fullz data is sufficient to create a complete (but fraudulent)online profile, make purchases, access services, and successfully pass ordinary ID verification methods. This puts all businesses at risk of exploitation whether or not they have been victims of data breaches in the past. Therefore, it is essential that businesses enhance their own identity verification processes to minimize the risk of fraud.
Protect Your Business on the Inside
Businesses have a duty to their clients to provide reasonable assurances that personal data is being stored securely and privacy policies are being respected. Most businesses focus on external-facing security measures: using SSL (secure-socket layering) forms to collect personal client data, setting up ID proofing protocols to verify new customer accounts, and establishing fire walls to protect against direct cyberattacks. However, there are six internal-facing measures that businesses can use within their own employees and customer management software to protect valuable business data from falling into the wrong hands.
- Maintain security software on all office desktop terminals and mobile devices, and monitor activity according to all laws and regulations governing your business.
- Instruct employees who conduct business transactions online to check for https at the start of the URL for a vendor pay-site and never to conduct business transactions on public terminals or WiFi networks.
- Train all employees how to be aware of email phishing scams, particularly emails that note a change of financial data or status; contain unsolicited attachments or links; or make unexpected and unusual requests.
- Securely store sensitive documents and shred them after the legal period for maintaining records has expired.
- Stop, breathe, ask. Often, scammers rush their victims and push lots of emotional hot buttons to get the victim to stop thinking rationally. Train employees not to let a phone call or email force them into fast decisions. Instead: Stop, Breathe, and Ask clear, calm critical thinking and timely consultation with a colleague or boss can spare your business and employees the pain and expense of an internal data breach.
- Require employees to share all suspicious communications with IT Security.
Protecting Your Business Online
Fraudsters in possession of fullz are difficult to stop with ordinary online security and ID verification measures because they possess all the information needed to get past typical authentication methods. Improved ID verification processes, such as multi-step ID proofing protocols, are necessary not only to verify with reasonable certainty a customer’s identity, but also to maintain compliance with consumer identity protections. Aristotle combines the best in multi-mode Identity and KYC with real-time actionable anti-fraud tools all in one onboarding session. By investing in cutting-edge online security protocols, your business will gain the trust and confidence of legitimate, verified customers. To learn more about fullz and identity proofing, contact Integrity by Aristotle and learn how we can build a solution to protect your business online today.